CVE-2007-3300

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/36728
http://osvdb.org/36729
http://secunia.com/advisories/25738	Vendor Advisory
http://www.f-secure.com/security/fsc-2007-5.shtml
http://www.securityfocus.com/bid/24525
http://www.securitytracker.com/id?1018266
http://www.securitytracker.com/id?1018267
http://www.securitytracker.com/id?1018268
http://www.vupen.com/english/advisories/2007/2247
https://exchange.xforce.ibmcloud.com/vulnerabilities/34942

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f-secure:f-secure_anti-virus:2.16::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.65::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.65::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.0.2:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.2.1:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.3.0:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.40::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.43::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.44::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::citrix_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.54::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.55::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.56:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.61::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.02::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.2::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.03::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.21::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.31::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.40::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.60::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.61::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:7.00::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:7.00::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:7.00::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:7.00::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2005:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2007:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security::::::::
	cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security::::::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2005:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2007:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.06::linux:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.14::linux:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.15.484::linux:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.16::linux:::::
	cpe:2.3:a:f-secure:solutions_based_on_f-secure_personal_express:6.20:::::::*

History

No history.

Information

Published : 2007-06-20 22:30

Updated : 2017-07-29 01:32

NVD link : CVE-2007-3300

Mitre link : CVE-2007-3300

CVE.ORG link : CVE-2007-3300

JSON object : View

Products Affected

f-secure

f-secure_anti-virus_linux_server_security
f-secure_internet_security
solutions_based_on_f-secure_personal_express
f-secure_anti-virus_linux_client_security
f-secure_anti-virus
internet_gatekeeper

CWE

NVD-CWE-Other

{"id": "CVE-2007-3300", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-20T22:30:00.000", "references": [{"url": "http://osvdb.org/36728", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36729", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25738", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.f-secure.com/security/fsc-2007-5.shtml", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24525", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018266", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018267", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018268", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2247", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34942", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive."}, {"lang": "es", "value": "M\u00faltiples productos antivirus de F-Secure para Microsoft Windows y Linux anterior al 19/06/2007 permiten a atacantes remotos evitar el escaneo mediante una cabecera artesanal en un archivo (1) LHA o (2) RAR."}], "lastModified": "2017-07-29T01:32:09.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2.16:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1473BDA6-ADD8-41C0-95DD-D82A1317FB01"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CC9AA17-3EF4-4BC5-9E29-5A6525B9AC51"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C60C23-FC4D-4D14-B3E3-ECD797888AB3"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AE00A20-8152-48D9-9AC4-EA359284E635"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B334073-9FF3-4F75-8702-51DB6937B7F6"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A277838-B3AE-45E4-9E1D-005F63FB7573"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C62796-C9C0-485E-A58B-6510AFA80F33"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F448567-DCAB-4B5F-B939-5B630A5A9B70"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49C5BE3-EF09-4B73-A8F7-95B428EB28F3"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.65:*:linux_gateways:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D73A43-3FBF-422D-B3CF-136F4B7A9A5C"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.65:*:linux_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58668CA2-425C-470E-BA2A-E791EEED6046"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8549318-DCD7-420A-AAD6-CE1D7E167E20"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BB606BE-CCA7-41BF-AB9F-E7C362FBADA3"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E92D04F2-5029-445C-ADF5-4FCC11E658BA"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46F72328-7B69-4A1B-A065-E65544F27A75"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.40:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "461627F0-2CEF-4623-B38E-6B30059B0B40"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0D25A1D-2B31-4B29-96FE-A793F8244F66"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC90ADFD-32FE-4EA1-9583-5EFE585152CB"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "858468E0-4208-4703-A3AA-4BF6CC254DDB"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E26052D-35B8-44E7-8F66-442BA55F4483"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.43:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352EE11B-2385-4359-BEA1-706FEA3E9D9F"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.44:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D35E1591-553E-42F0-AE3E-16A2A5640F9F"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:citrix_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAB9474C-A4F9-45C0-A77C-34B794AE2262"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA4A9B7-626A-4539-852F-96C49D860E41"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.54:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D9796D5-C957-410D-96A8-7C1AC1D614A6"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.55:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B734B9-4D8C-4195-AA01-83DDEC535BC8"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EDFA260-07D3-463D-BDAA-4C6F9F4D52FD"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.61:*:mimesweeper:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEF8C12D-ADF4-4FAE-8B13-B69BFA5AFF2F"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F874EF46-3E17-4A51-A576-7E0BFE1FD4EA"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1171FFA9-4898-4174-AD17-C6E47A120585"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.02:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "995DCFD5-5745-48E6-BC0E-B8AE3F194CFD"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4401535F-9AC5-4419-A6B6-9A877887A3D0"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.03:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B5FC2F8-A355-4964-B908-0DCC00734BB1"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19828867-7079-4233-A3B8-BF7A3052FB8B"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97610DB9-0379-4EB3-95E6-9B5C21E5A6E7"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5777A2C3-5EB0-495E-8E0E-94BCA86D5E4E"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.31:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D43D811-F305-4709-9C43-862A7FC783B3"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "375B5B66-822B-4142-BAA3-0928DE7A8D6A"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.60:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1CCFFE-4745-46BE-840F-F658245A6058"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.61:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880E04C0-42C2-4261-92D1-CF83133567F4"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:7.00:*:client_security:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D990AE62-7B09-4DA8-ADB7-3CBA2DF18683"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:7.00:*:ms_exchange:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2BF5C8E-D1C4-4082-AFBE-8A8413CE1392"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:7.00:*:windows_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED6F056-D9E2-4799-A432-DC07F8154AA6"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:7.00:*:workstations:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4382A281-75F3-455C-B7EF-8514531C17C6"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C2C1784-2482-4CBE-BE6D-4519C3FB64BC"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1106DE08-DE9A-488B-8C5D-28E353CDEEEB"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D98FEBC4-42EF-49BE-B4D5-03CC171802CA", "versionEndIncluding": "5.52"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A4B299-F94E-4369-A388-CE245A5D9B22", "versionEndIncluding": "5.52"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89A0FDD3-3364-4452-BD6F-EB6F85D3119A"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C788A5AB-C847-476C-9767-C6711F2D4EA1"}, {"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3972C7F1-8B78-4A5D-8A75-C6CA01E997DF"}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E1AD9C7-5990-4BFE-A2D2-7845EDBF478A", "versionEndIncluding": "6.61"}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:2.06:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E76051-5D4A-4C8C-A911-3B78BFEA77CE"}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:2.14:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46AD4E4B-E01A-4CC5-8D05-14B5B6935408"}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:2.15.484:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "574BD76C-3990-4B5D-B111-B6D980B166CA"}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:2.16:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5668C3F-8BA7-47B1-8428-21D7346824DA"}, {"criteria": "cpe:2.3:a:f-secure:solutions_based_on_f-secure_personal_express:6.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E99B3025-7A16-4AD8-A5F8-2CE2D7E3E102"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.3 /10